Table of Contents
February 7, 2024
|3m
How to Disable TLS 1.0 and TLS 1.1 via Group Policy
We have covered how to disable TLS 1.0 and TLS 1.1 on Windows Server in the previous post. That lets you know how to disable TLS protocols on a Windows Server locally. If you try disabling deprecated TLS on all the servers one after another, it may sound like an uphill task. In such a case, it could be implemented using Active Directory’s Group Policies. We have created this post to let you know how to disable TLS 1.0 and TLS 1.1 via Group Policy.
Without further due, let’s see how to disable TLS 1.0 and TLS 1.1 via Group Policy.
How to Disable TLS 1.0 and TLS 1.1 via Group Policy
Step 1. Open regedit utility
Open Group Policy Management (gpmc.msc) in a Domain Controller.
Step 2. Creating a GPO in the Domain Controller
Navigate to the OU where Policy is to be linked and right-click and select ‘Create a GP in this domain and Link it here’; In this demo select ‘Domain Controllers’ OU.
Step 3. Rename the GPO to ‘Disable_TLS 1.0_TLS 1.1’
Name the New GPO and click on ‘OK’; this creates a New GP which is linked to the OU.
Step 4. Edit the ‘Disable_TLS 1.0_TLS 1.1’ GPO
Right-click the Policy and click on ‘Edit’.
Step 5. Create Registry Item in Group Policy
Navigate to Computer Configurations –> Preferences –> Windows Settings –> Registry.
Create a new Registry by Right click on the blank space and selecting New –> Registry Item.
Step 6. Update Registry Properties
In new Registry Properties, update the details as below and click on ‘OK’.Action: UpdateHive: HKEY_LOCAL_MACHINEKey Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\ClientValue name: EnabledValue type: REG_DWORDValue data: 0Base: Hexadecimal
Step 7. [OPTIONAL] Commands to create Registry Item in Group Policy
Similar to above step, create below keys to Disable TLS 1.0 as well as TLS 1.1,
Step 8. [OPTIONAL] List of Registry Items in Group Policy
The image shows the list of Registry items created in Group Policy.
We hope this post would help you know how to disable TLS 1.0 and TLS 1.1 via Group Policy to enhance the security of your infrastructure. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instgaram, and subscribe to receive updates like this.
You may also like these articles:
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
